Multiple flaws in php-symfony. References: https://symfony.com/blog/category/security-advisories Multiple versions affected.
Created php-symfony tracking bugs for this issue: Affects: epel-all [bug 1591302] Affects: fedora-all [bug 1591303]
(In reply to Pedro Sampaio from comment #0) > Multiple flaws fixed in symfony 5.3.2 > > References: > > https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ > > Ps. Some of the CVEs were not fixed in this release. The reference points to Passenger 5.3.2 security advisory that talks about CVE-2018-12029 "CHMOD race vulnerability". This has nothing to do with the Symfony issues. All Symfony security issues can be found here: https://symfony.com/blog/category/security-advisories CVE-2017-16652: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers CVE-2018-11385: https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication CVE-2018-11386: https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler CVE-2018-11406: https://symfony.com/blog/cve-2018-11406-csrf-token-fixation CVE-2018-11407: https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password CVE-2018-11408: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
Created php-symfony-symfony tracking bugs for this issue: Affects: epel-6 [bug 1591749] Created php-symfony3 tracking bugs for this issue: Affects: fedora-all [bug 1591750] Created php-symfony4 tracking bugs for this issue: Affects: fedora-all [bug 1591748]
(In reply to Alexander Bergmann from comment #2) > (In reply to Pedro Sampaio from comment #0) > > Multiple flaws fixed in symfony 5.3.2 > > > > References: > > > > https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ > > > > Ps. Some of the CVEs were not fixed in this release. > > The reference points to Passenger 5.3.2 security advisory that talks about > CVE-2018-12029 "CHMOD race vulnerability". This has nothing to do with the > Symfony issues. > > All Symfony security issues can be found here: > > https://symfony.com/blog/category/security-advisories > > CVE-2017-16652: > https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on- > security-handlers > CVE-2018-11385: > https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard- > authentication > CVE-2018-11386: > https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using- > pdosessionhandler > CVE-2018-11406: https://symfony.com/blog/cve-2018-11406-csrf-token-fixation > CVE-2018-11407: > https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a- > misconfigured-ldap-server-when-using-an-empty-password > CVE-2018-11408: > https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on- > security-handlers Indeed. Thank you for the correction.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.